Microsoft releases beta tool for fighting DoS attacks

Microsoft has released The Dynamic IP Restrictions Extension beta for IIS 7. …

In June 2008, Microsoft released three tools to help IT administrators, DB administrators, and Web developers prevent and mitigate SQL injection attacks. Now, the software giant is trying to do the same with a tool to fight Denial of Service (DoS) attacks that adds an extra layer of defense.

The Dynamic IP Restrictions Extension beta integrates seamlessly into Internet Information Services (IIS) 7.0. The beta is available in 32-bit (655 KB) and 64-bit (739 KB) flavors. The tool is mainly for IT Professionals and Hosters who want a configurable module to help them mitigate/block DoS Attacks or cracking of passwords through brute-force by temporarily blocking IP addresses of HTTP clients who follow a malicious pattern. Analysis and blocking can be done at the Web Server or the Web Site level. Since the extension also offers the same functionality that exists in IIS 7.0 built-in IPv4 and Domain Restrictions, it is provided as a replacement for that component.

Microsoft notes six features for the extension:

Blocking of IP addresses based on number of concurrent requests - If an HTTP client makes many concurrent requests then that client’s IP address gets temporarily blocked.

Blocking of IP addresses based on number of requests over a period of time - If an HTTP client makes many requests over short period of time then that client’s IP address gets temporarily blocked.

Various deny actions - It is possible to specify what response to return to an HTTP client whose IP address is blocked. The module can return status codes 403 and 404 or just drop the HTTP connection and not return any response.

Logging of dynamically denied requests - All denied requests can be logged into a W3C formatted log file.

Displaying currently blocked IP addresses - A list of currently blocked IP addresses can be obtained by using IIS Manager or by using IIS RSCA APIs.